SCO OpenServer vi Insecure Temporary File Creation Vulnerability

An insecure temporary file creation vulnerability exists in the implementation of the vi editor included with some versions of SCO OpenServer.

The editor creates temporary files in /tmp without checking if the file already exists, using easily predictible names. As a result, it may be possible for a malicious user with local access to a host to cause local files to be overwritten, using a symbolic link attack.


Privacy Statement
Copyright 2010, SecurityFocus